Last updated: 2025-10-16 15:16:14 +0200

unclassified (110)

??: 110
Average staleness: 355 / Average age: 505

Bug	Severity	Summary	Stale	Age
864013	??	app-i18n/yaskkserv2: 'cargo audit' reports one or more bundled CRATES as vulnerable	1167	1167
864028	??	app-shells/mcfly: 'cargo audit' reports one or more bundled CRATES as vulnerable	1167	1167
864031	??	app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable	1167	1167
864067	??	dev-util/rustup: 'cargo audit' reports one or more bundled CRATES as vulnerable	1167	1167
864076	??	dev-util/wachy: 'cargo audit' reports one or more bundled CRATES as vulnerable	1167	1167
864082	??	dev-vcs/mercurial: 'cargo audit' reports one or more bundled CRATES as vulnerable	1167	1167
864046	??	dev-python/adblock: 'cargo audit' reports one or more bundled CRATES as vulnerable	1166	1167
675904	??	dev-db/{mariadb,mysql,percona-server,mysql-connector-c}: ENABLED_LOCAL_INFILE in the client is exploitable by the server	1162	2461
864052	??	dev-util/bingrep: 'cargo audit' reports one or more bundled CRATES as vulnerable	1115	1167
880669	??	[Tracker] Go x/text DoS via crafted Accept-Language header CVE-2022-32149 linux kernel: multiple vulnerabilities in Xen sys-apps/portage uses /var/tmp insecurely [Tracker] UAF in Expat's xmlparse.c:doContent [Tracker] Vulnerabilty in app-arch/qpress [Tracker] Prometheus basic authentication bypass via exporter-toolkit [Tracker] Denial of service in Go's net/http [Tracker] Denial of service in Go's crypto/ssh [Tracker] nuget credential leakage Use-after-free in Zen 2 processors ("zenbleed") [Tracker] MySQL DoS (Oracle CPU Oct 2023) RUSTSEC-2023-0075: unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS [Tracker] runc container breakout vulnerability [Tracker] CUPS vulnerabilities on 2024-09-26 [Tracker] Vulnerability in 7zip's zstandard (zstd) implementation dev-libs/xmlrpc-c[-libxml2] uses vulnerable bundle of dev-libs/expat from many years ago media-libs/giflib buffer overflow media-libs/giflib path traversal vulnerability in gifinto utility	1071	1071

unknown (35)

Major: 1 / Normal: 5 / Minor: 13 / Trivial: 10 / ??: 6
Average staleness: 802 / Average age: 1174

Bug	Severity	Summary	Stale	Age
934736	Major	<app-editors/emacs-{26.3-r19,27.2-r17,28.2-r13,29.3-r3} <app-emacs/org-mode-9.7.5: org-mode command execution vulnerability CVE-2024-39331	322	481
786957	Normal	net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879) CVE-2021-31879	1444	1631
765361	Normal	<dev-lang/R-4.0.4: code execution via malicious CRAN package (CVE-2020-27637) CVE-2020-27637	649	1737
929208	Normal	<dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode() CVE-2024-3651	309	552
957792	Normal	<kde-apps/konsole-24.12.3-r1, <kde-apps/konsole-25.04.2: Incorrect telnet scheme handling CVE-2025-49091	123	128
869413	Normal	sys-apps/man2html: multiple vulnerabilities CVE-2021-40647 CVE-2021-40648	6	1132
761412	Minor	dev-libs/libtomcrypt: Out of bounds read (CVE-2019-17362) CVE-2019-17362	1540	1758
714024	Minor	sci-libs/hdf5: multiple vulnerabilities CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 CVE-2020-10812 CVE-2021-45829 CVE-2021-45830 CVE-2021-45832 CVE-2021-45833 CVE-2021-46242 CVE-2021-46243 CVE-2021-46244 sci-libs/hdf5: heap buffer overread	1363	2034
661156	Minor	sci-libs/hdf: Multiple vulnerabilities CVE-2018-14031 CVE-2018-14032 CVE-2018-14033 CVE-2018-14034 CVE-2018-14035	1162	2651
799785	Minor	dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405}) CVE-2020-36404 CVE-2020-36405	1155	1567

tracker (25)

Normal: 1 / ??: 24
Average staleness: 407 / Average age: 960

Bug	Severity	Summary	Stale	Age
915553	Normal	[Tracker] HTTP/2 Rapid Reset vulnerability CVE-2023-44487 Tracked bugs: 8 open / 14 total	62	737
824306	??	[Tracker] Vulnerability in gstreamer (CVE-2021-3522) CVE-2021-3522 Tracked bugs: 1 open / 2 total	1428	1428
792267	??	[Tracker] Packages misusing libsoup API for TLS validation Tracked bugs: 5 open / 5 total	1148	1604
807352	??	[Tracker] NO STARTTLS collection of vulnerabilities Tracked bugs: 2 open / 18 total	1148	1528
811909	??	[Tracker] ElGamal Plaintext Recovery in dev-libs/botan CVE-2021-40529 Tracked bugs: 1 open / 2 total	1148	1500
924455	??	[Tracker] "KeyTrap" DNS DoS vulnerability CVE-2023-50387 CVE-2023-50868 Tracked bugs: 5 open / 5 total	604	610
643228	??	[TRACKER] kernel: Meltdown and Spectre - A flaw in modern processors (CVE-2017-{5715,5753,5754}) Tracked bugs: 1 open / 7 total	592	2843
643342	??	[TRACKER] hw: cpu: speculative execution branch target injection (CVE-2017-5715) CVE-2017-5715 Tracked bugs: 1 open / 11 total	592	2842
920280	??	[Tracker] Terrapin Vulnerability CVE-2023-48795 Tracked bugs: 4 open / 10 total	544	668
932373	??	[Tracker] Mozilla Foundation Security Advisory for May 14/15th, 2024 CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4770 CVE-2024-4777 MSFA2024-21 MSFA2024-22 MSFA2024-23 Tracked bugs: 263 open / 10000 total	513	513

upstream (95)

Major: 4 / Normal: 26 / Minor: 47 / Trivial: 13 / ??: 5
Average staleness: 904 / Average age: 1398

Bug	Severity	Summary	Stale	Age
626822	Major	media-libs/libmad: Dos (memory corruption) via crafted MP3 files CVE-2017-11552	1631	2998
907924	Major	dev-python/reportlab: remote code execution CVE-2023-33733	863	863
866386	Major	app-arch/unzip: null pointer dereference CVE-2021-4217	739	1149
901393	Major	app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection CVE-2023-28339	282	946
721672	Normal	dev-python/pip: Possible code execution via untrusted packages from external indexes (CVE-2018-20225) CVE-2018-20225	1987	1987
617474	Normal	x11-libs/cairo: NULL pointer dereference with a crafted font file (CVE-2017-7475) CVE-2017-7475	1545	3087
810034	Normal	media-libs/plib: integer overflow leading to code execution (CVE-2021-38714) CVE-2021-38714	1514	1514
717714	Normal	sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)	1460	2009
845039	Normal	dev-embedded/u-boot-tools: unbounded memcpy in nfs CVE-2022-30767	1249	1249
829835	Normal	sys-devel/patch: invalid free vulnerability CVE-2021-45261 sys-devel/patch: Double free allowing DoS in another_hunk (CVE-2019-20633)	1156	1394

upstreamebuild (30)

Major: 1 / Normal: 8 / Minor: 14 / Trivial: 6 / ??: 1
Average staleness: 674 / Average age: 1226

Bug	Severity	Summary	Stale	Age
963579	Major	app-emulation/open-vm-tools: local privilege escalation on guest VM CVE-2025-41244	8	17
798480	Normal	app-text/djvu: multiple vulnerabilities (CVE-2021-{3500,32490,32491,32492,32493}) CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVE-2021-3500	1385	1574
759544	Normal	www-misc/awstats: Arbitrary code execution (CVE-2020-35176) CVE-2020-35176	1157	1769
821346	Normal	dev-db/redis: integer overflow via bundled hiredis	1090	1444
836920	Normal	sys-apps/busybox: multiple vulnerabilities CVE-2022-28391 CVE-2022-30065	797	1289
793953	Normal	net-dns/avahi: multiple DoS vulnerabilities CVE-2021-3468 CVE-2021-3502 CVE-2021-36217 CVE-2023-1981 CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473	711	1597
918403	Normal	media-libs/tiff: crafted input results in out-of-memory CVE-2023-6277	692	692
897952	Normal	app-text/htmltidy: arbitrary code execution CVE-2021-33391	475	963
838382	Normal	media-sound/sox: multiple vulnerabilities CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-3643 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 CVE-2023-26590 CVE-2023-32627 CVE-2023-34318 CVE-2023-34432	305	1280
638434	Minor	sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory CVE-2017-10140	1950	2885

ebuild (44)

Critical: 2 / Major: 4 / Normal: 11 / Minor: 18 / Trivial: 7 / ??: 2
Average staleness: 653 / Average age: 874

Bug	Severity	Summary	Stale	Age
918679	Critical	dev-libs/stb: multiple vulnerabilities CVE-2023-43281 CVE-2023-43898 CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-45676 CVE-2023-45677 CVE-2023-45678 CVE-2023-45679 CVE-2023-45680 CVE-2023-45681 CVE-2023-45682	557	688
937483	Critical	net-wireless/wpa_supplicant: possible privilege escalation CVE-2024-5290	173	435
942684	Major	sys-cluster/slurm: Incorrect Authorization CVE-2024-48936	207	349
953891	Major	www-client/firefox{-bin,}: multiple vulnerabilities CVE-2025-3608	183	184
953892	Major	mail-client/thunderbird{-bin,}: multiple vulnerabilities CVE-2025-2830 CVE-2025-3523	181	184
964374	Major	net-fs/samba: multiple vulnerabilities CVE-2025-10230 CVE-2025-9640	1	1
802513	Normal	net-analyzer/fail2ban: code exection via malicious whois responses (CVE-2021-32749) CVE-2021-32749	1163	1553
821220	Normal	<sys-devel/gcc-12.1.0: Unicode "bidirectional override" (CVE-2021-42574)	1159	1445
868150	Normal	<dev-lang/python-{3.8.13_p8, 3.9.13_p6, 3.10.6_p4, 3.11.0_rc1_p2}, dev-python/pypy{,3}: Denial of service via abuse of bignum int type CVE-2020-10735	1100	1139
917613	Normal	net-libs/pjproject: UAF in SRTP media transport CVE-2023-38703	696	696

stable? (14)

Major: 1 / Normal: 2 / Minor: 11
Average staleness: 26 / Average age: 69

Bug	Severity	Summary	Stale	Age
958408	Normal	<app-antivirus/clamav-1.4.3: Multiple vulnerabilities CVE-2025-20234 CVE-2025-20260	67	119
934140	Minor	<mail-filter/amavisd-new-2.13.1: email parsing vulnerability CVE-2024-28054	117	491
961516	Minor	<dev-ruby/rails-{7.1.5.2:7.1,7.2.2.2:7.2,8.0.2.1:8.0}: Multiple Vulnerabilities CVE-2025-24293 CVE-2025-55193	62	62
961874	Minor	<dev-libs/glib-2.84.4: Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file() CVE-2025-7039	55	55
964043	Minor	<www-servers/varnish-7.7.3: HTTP/2 MadeYouReset vulnerability	2	5

stable (22)

Major: 1 / Normal: 7 / Minor: 14
Average staleness: 22 / Average age: 344

Bug	Severity	Summary	Stale	Age
921521	Normal	<mail-mta/sendmail-8.18.1: smtp smuggling CVE-2023-51765	82	649
951422	Normal	<dev-lang/php-{8.2.28,8.3.19}: multiple vulnerabilities CVE-2024-11235 CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861	82	215
953900	Normal	<gnome-extra/yelp-42.3 - Dangerous Arbitrary File Read Vulnerability CVE-2025-3155	60	183
951738	Minor	<dev-vcs/mercurial-6.9.4: XSS in hgweb CVE-2025-2361	183	208

cleanup (176)

Critical: 2 / Major: 16 / Normal: 32 / Minor: 113 / Trivial: 8 / ??: 5
Average staleness: 380 / Average age: 590

Bug	Severity	Summary	Stale	Age
953023	Critical	<dev-lang/spidermonkey-128.9.0: multiple vulnerabilities <dev-lang/spidermonkey-128.4.0: multiple vulnerabilities <dev-lang/spidermonkey-128.5.0: multiple vulnerabilities <dev-lang/spidermonkey-128.6.0: multiple vulnerabilities <dev-lang/spidermonkey-128.8.0: multiple vulnerabilities <dev-lang/spidermonkey-128.13.0: multiple vulnerabilities	27	198
914781	Major	<net-print/cups-2.4.7: Buffer overflow when reading Postscript in PPD files CVE-2023-4504 <net-print/cups-2.4.10: Listen symbol link privilege escalation vulnerability <net-print/cups-2.4.10-r1: Missing PPD attribute validation <net-print/cups-2.4.14: several vulnerabilities	606	750
922474	Major	<sys-apps/coreutils-9.4-r1: split heap buffer overflow vulnerability CVE-2024-0684 <sys-apps/coreutils-9.5: chmod -R TOCTOU vulnerability	468	636
884799	Major	<net-analyzer/cacti-1.2.26: multiple vulnerabilities CVE-2022-46169 CVE-2023-30534 CVE-2023-31132 CVE-2023-39357 CVE-2023-39358 CVE-2023-39359 CVE-2023-39360 CVE-2023-39361 CVE-2023-39362 CVE-2023-39365 CVE-2023-39510 CVE-2023-39511 CVE-2023-39512 CVE-2023-39513 CVE-2023-39514 CVE-2023-39515 CVE-2023-39516	313	1043
937127	Major	<dev-lang/orc-0.4.40: Stack-based buffer overflow when formatting error messages for certain input files. CVE-2024-40897	157	440
942471	Major	<dev-lang/spidermonkey-128.4.0: multiple vulnerabilities <dev-lang/spidermonkey-128.5.0: multiple vulnerabilities <dev-lang/spidermonkey-128.6.0: multiple vulnerabilities <dev-lang/spidermonkey-128.8.0: multiple vulnerabilities <dev-lang/spidermonkey-128.9.0: multiple vulnerabilities <dev-lang/spidermonkey-128.13.0: multiple vulnerabilities	155	352
952921	Major	<sys-process/atop-2.11.1: heap corruption CVE-2025-31160	155	200
949825	Major	<x11-libs/gtk+-3.24.48: Search path vulnerability CVE-2024-6655	126	242
957155	Major	<mail-client/roundcube-1.6.11 : Post-Auth RCE via PHP Object Deserialization <mail-client/roundcube-1.6.8: XSS vulnerability	86	133
958320	Major	<sys-libs/pam-1.7.1: Multiple vulnerabilities CVE-2024-10963 CVE-2025-6020	41	121

glsa? (591)

Major: 7 / Normal: 94 / Minor: 472 / Trivial: 3 / ??: 15
Average staleness: 526 / Average age: 822

Bug	Severity	Summary	Stale	Age
960565	Major	<mail-client/thunderbird{-bin,}-128.13.0: multiple vulnerabilities mail-client/thunderbird: august 2025 vulnerabilities, <142.0 & <140.2.0 & <128.14.0 960565, 961886	81	85
960564	Major	<www-client/firefox{-bin,}-{128.13.0,140.1.0,141.0}: multiple vulnerabilities www-client/firefox: <142.0 & <140.2.0 & <128.14.0 august 2025 vulnerabilities www-client/firefox: <143.0 & <140.3.0 september 2025 vulnerabilities 960564, 961884, 962992	61	85
947749	Major	<dev-db/redict-7.3.2, <dev-db/redis-{6.2.17,7.2.7,7.4.2}: multiple vulnerabilities CVE-2024-46981 CVE-2024-51741 <dev-db/redict-7.3.1 <dev-db/redis-{6.2.16,7.2.6,7.4.1}: multiple vulnerabilities <dev-db/redict-7.3.3 <dev-db/redis-{6.2.18,7.2.8,7.4.3}: An unauthenticated client can cause an unlimited growth of output buffers <dev-db/redict-7.3.5 <dev-db/redis-{6.2.19, 7.2.10, 7.4.5, 8.0.3}: Multiple vulnerabilities 947749, 940609, 954265, 959657	8	280
961884	Major	www-client/firefox: <142.0 & <140.2.0 & <128.14.0 august 2025 vulnerabilities <www-client/firefox{-bin,}-{128.13.0,140.1.0,141.0}: multiple vulnerabilities 961884, 960564	7	55
961886	Major	mail-client/thunderbird: august 2025 vulnerabilities, <142.0 & <140.2.0 & <128.14.0 <mail-client/thunderbird{-bin,}-128.13.0: multiple vulnerabilities 961886, 960565	7	55
962992	Major	www-client/firefox: <143.0 & <140.3.0 september 2025 vulnerabilities <www-client/firefox{-bin,}-{128.13.0,140.1.0,141.0}: multiple vulnerabilities 962992, 960564	7	29
942077	Major	<dev-lang/python-{3.9.21_p1:3.9,3.10.16_p1:3.10,3.11.11_p1:3.11,3.12.8:3.12,3.13.1:3.13,3.13.1_p1-r100:3.13t,3.14.0_alpha2:3.14,3.14.0_alpha2-r100:3.14t}: Virtual environment (venv) activation scripts don't quote paths CVE-2024-9287 <dev-lang/python-{0.3.13.5_p1,0.3.14.0_rc1_p1,3.9.23_p2,3.10.18_p2,3.11.13_p1,3.12.11_p1,3.13.5_p1,3.14.0_rc1_p1}, <dev-lang/pypy-3.11.7.3.20_p2: HTMLParser quadratic complexity when processing malformed inputs (and more HTMLParser vulnerabilities) <dev-lang/python-{0.3.13.5_p1,0.3.14.0_rc1_p1,3.9.23_p2,3.10.18_p2,3.11.13_p1,3.12.11_p1,3.13.5_p1,3.14.0_rc1_p1}, <dev-lang/pypy-3.11.7.3.20_p2: Tarfile infinite loop during parsing with negative member offset 942077, 958449, 960868	4	357
621258	Normal	dev-libs/libcroco: multiple vulnerabilities (CVE-2017-{8834,8871}) CVE-2017-8834 CVE-2017-8871	613	3052
918543	Normal	<media-gfx/zbar-0.23.93: multiple vulnerabilities CVE-2023-40889 CVE-2023-40890	373	691
931941	Normal	<dev-vcs/git-{2.39.4, 2.41.1, 2.43.4, 2.44.1, 2.45.1}: Multiple vulnerabilities CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 <dev-vcs/git-2.45.3: Multiple vulnerabilities 931941, 948111	373	519

glsa (8)

Critical: 1 / Major: 3 / Normal: 1 / Minor: 3
Average staleness: 2 / Average age: 410

Bug	Severity	Summary	Stale	Age
962126	Critical	<sys-fs/udisks-2.10.2: Out-Of-Bounds Read in UDisks Daemon CVE-2025-8067 <sys-fs/udisks-2.9.4: Denial of service (CVE-2021-3802)	3	48
951739	Major	<net-libs/webkit-gtk-2.48.3: multiple vulnerabilities CVE-2024-44192 CVE-2024-54467 CVE-2024-54551 CVE-2025-24201 CVE-2025-24208 CVE-2025-24209 CVE-2025-24213 CVE-2025-24216 CVE-2025-24264 CVE-2025-30427 WSA-2025-0002 WSA-2025-0003 <net-libs/webkit-gtk-2.44.3{,-r410,-r600}: multiple vulnerabilities <net-libs/webkit-gtk-2.46.5{,-r410,-r600}: multiple vulnerabilities	2	208
961021	Major	<net-libs/webkit-gtk-2.48.5: multiple vulnerabilities CVE-2025-31273 CVE-2025-31278 CVE-2025-43211 CVE-2025-43212 CVE-2025-43216 CVE-2025-43227 CVE-2025-43228 CVE-2025-43240 CVE-2025-43265 <net-libs/webkit-gtk-2.44.3{,-r410,-r600}: multiple vulnerabilities <net-libs/webkit-gtk-2.46.5{,-r410,-r600}: multiple vulnerabilities	2	75
963710	Major	<dev-qt/qtsvg-6.9.3:6: uncontrolled recursion and use-after-free vulnerabilities CVE-2025-10728 CVE-2025-10729 =dev-qt/qtsvg-6.6.0-r0 loading invalid QML image source can cause application crash (CVE-2023-45872)	1	13
938026	Normal	<net-libs/webkit-gtk-2.44.3{,-r410,-r600}: multiple vulnerabilities <net-libs/webkit-gtk-2.46.5{,-r410,-r600}: multiple vulnerabilities <net-libs/webkit-gtk-2.48.3: multiple vulnerabilities <net-libs/webkit-gtk-2.48.5: multiple vulnerabilities	2	426
827863	Minor	<sys-fs/udisks-2.9.4: Denial of service (CVE-2021-3802) CVE-2021-3802 <sys-fs/udisks-2.10.2: Out-Of-Bounds Read in UDisks Daemon	3	1417
941276	Minor	<net-libs/webkit-gtk-2.46.5{,-r410,-r600}: multiple vulnerabilities CVE-2024-40857 CVE-2024-40866 CVE-2024-44185 CVE-2024-44187 CVE-2024-44244 CVE-2024-44296 <net-libs/webkit-gtk-2.44.3{,-r410,-r600}: multiple vulnerabilities <net-libs/webkit-gtk-2.48.3: multiple vulnerabilities <net-libs/webkit-gtk-2.48.5: multiple vulnerabilities	2	370
915998	Minor	=dev-qt/qtsvg-6.6.0-r0 loading invalid QML image source can cause application crash (CVE-2023-45872) CVE-2023-45872 <dev-qt/qtsvg-6.9.3:6: uncontrolled recursion and use-after-free vulnerabilities	1	728